So I am really reeling it back in here, as I think I got over ambitious without learning the basics, so I am just going to do a simple configuration here.
For R2, I want to make a Summary route based on the following network numbers:
interface Loopback1
ip address 1.1.1.1 255.255.255.255
interface Loopback101
ip address 100.1.0.1 255.255.0.0
interface Loopback102
ip address 100.2.0.1 255.255.0.0
interface Loopback103
ip address 100.3.0.1 255.255.0.0
interface Loopback104
ip address 100.4.0.1 255.255.0.0
interface Loopback105
ip address 100.5.0.1 255.255.0.0
interface Loopback106
ip address 100.6.0.1 255.255.0.0
interface Loopback107
ip address 100.7.0.1 255.255.0.0
Which to save the summarization math on here, the summary route will be 100.0.0.0 /13. I have added these loopbacks to R2’s OSPF config as Area 100, then used the “area 100 range …” command to summarize the route:
R2(config)#router ospf 1
R2(config-router)#network 100.1.0.0 0.0.255.255 area 100
R2(config-router)#network 100.2.0.0 0.0.255.255 area 100
R2(config-router)#network 100.3.0.0 0.0.255.255 area 100
R2(config-router)#network 100.4.0.0 0.0.255.255 area 100
R2(config-router)#network 100.5.0.0 0.0.255.255 area 100
R2(config-router)#network 100.6.0.0 0.0.255.255 area 100
R2(config-router)#network 100.7.0.0 0.0.255.255 area 100
R2(config-router)#area 100 range 100.0.0.0 255.248.0.0
R2(config-router)#
And on R1:
R1#show ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/65] via 172.12.12.2, 00:23:57, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O IA 100.0.0.0 [110/65] via 172.12.12.2, 00:01:26, Serial0/0
R1#
And here is one goof up that will cost you exam points / your job if you don’t pay attention:
R1(config-router)#redistribute ospf 1
R1(config-router)#exit
R1(config)#exit
R1#wr
Building configuration…
*Mar 1 14:53:13.956: %SYS-5-CONFIG_I: Configured from console by console
ASR#3
[Resuming connection 3 to r3 … ]
R3#
R3#sh ip route
Gateway of last resort is not set
33.0.0.0/24 is subnetted, 1 subnets
C 33.33.33.0 is directly connected, Loopback33
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback3
172.12.0.0/24 is subnetted, 1 subnets
C 172.12.13.0 is directly connected, Serial0/2
This table should have D EX routes from OSPF in it, and the fact that it does not is disconcerting, what could possibly be going wrong now. I ran a “debug ip pack” to see if it would show me any valuable information regarding not getting my redistributed routes, but just saw the occasional Hello traffic.
So I got on R1 to really look at the redistribute command, with a ? after each statement, to fully understand what I was typing:
R1(config)#router eigrp 100
R1(config-router)#redistribute ?
bgp Border Gateway Protocol (BGP)
connected Connected
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
metric Metric for redistributed routes
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
route-map Route map reference
static Static routes
<cr>
R1(config-router)#redistribute ospf ?
<1-65535> Process ID
R1(config-router)#redistribute ospf 1 ?
match Redistribution of OSPF routes
metric Metric for redistributed routes
route-map Route map reference
vrf VPN Routing/Forwarding Instance
<cr>
R1(config-router)#redistribute ospf 1 metric ?
<1-4294967295> Bandwidth metric in Kbits per second
***There it is! This rang a bell in my head, because when you redistribute protocols you MUST define it’s metric in the following statement format, because it has no “seed” or default metric like OSPF or RIP.***
So I present to you, the simple fix, and the confirmation that it worked:
R1(config-router)#no redistribute ospf 1
R1(config-router)#redistribute ospf 1 metric 1544 10 1 255 1500
R1(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]
R3#sh ip route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/2172416] via 172.12.13.1, 00:00:15, Serial0/2
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/2172416] via 172.12.13.1, 00:00:15, Serial0/2
33.0.0.0/24 is subnetted, 1 subnets
C 33.33.33.0 is directly connected, Loopback33
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback3
172.12.0.0/24 is subnetted, 2 subnets
D EX 172.12.12.0 [170/2172416] via 172.12.13.1, 00:00:15, Serial0/2
C 172.12.13.0 is directly connected, Serial0/2
R3#
Now that I am making some strides here, I am going to apply a distribution list blocking R3 from seeing just that 2.2.2.2 network (I hope):
R1(config)#access-list 22 deny 2.2.2.0 0.0.0.255
R1(config)#access-list 22 permit any
R1(config)#router eigrp 100
R1(config-router)#distribute-list 22 out ospf 1
R1(config-router)#
*Mar 1 15:18:40.126: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.13.3 (Serial0/1) is resync: route configuration changed
R1(config-router)#
ASR#3
[Resuming connection 3 to r3 … ]
*Mar 1 18:21:36.193: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.13.1 (Serial0/2) is resync: peer graceful-restart
R3#show ip route
Gateway of last resort is not set
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/2172416] via 172.12.13.1, 00:20:21, Serial0/2
33.0.0.0/24 is subnetted, 1 subnets
C 33.33.33.0 is directly connected, Loopback33
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback3
172.12.0.0/24 is subnetted, 2 subnets
D EX 172.12.12.0 [170/2172416] via 172.12.13.1, 00:20:21, Serial0/2
C 172.12.13.0 is directly connected, Serial0/2
R3#
YES! YES YES YESSSSSSS YES YEEEEEEEEESSSSSS!!!!!!!! I cannot believe my eyes, it is actually working. A couple of things about configuring this:
- You write the distribute list in the protocol you are redistributing into, so if you are distributing EIGRP into OSPF, your beginning command will be “router ospf 1”
- The list must be made before the Distribute-List as it is referenced in the Dist-List
- The list will implicitly deny anything that is not explicitly permitted – remember that
- The protocol at the end of the command, is the one being redistributed, that you are filtering routes for
It is easy to overlook something, especially my run in with not putting a metric on EIGRP redistribution, for things not to work.
HOWEVER IT IS NOT TIME TO POP THE CORKS YET, SEE OUR PING TESTS BELOW TO CONFIRM CONNECTIVITY BETWEEN OUR BELOVED NETWORKS:
R3#ping 100.0.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds:
….. <- NOOOO
Success rate is 0 percent (0/5)
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R3#ping 172.12.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
R3#ping 172.12.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.12.2, timeout is 2 seconds:
….. <- NOOOO
Success rate is 0 percent (0/5)
R3#
I knew it was too good to be true. So let’s go see what the problem is with R2’s serial interface that it does not want to air five us back:
R2#show ip route
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback2
100.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 100.4.0.0/16 is directly connected, Loopback104
C 100.5.0.0/16 is directly connected, Loopback105
C 100.6.0.0/16 is directly connected, Loopback106
C 100.7.0.0/16 is directly connected, Loopback107
O 100.0.0.0/13 is a summary, 00:44:39, Null0
C 100.1.0.0/16 is directly connected, Loopback101
C 100.2.0.0/16 is directly connected, Loopback102
C 100.3.0.0/16 is directly connected, Loopback103
172.12.0.0/24 is subnetted, 1 subnets
C 172.12.12.0 is directly connected, Serial0/0
R2#
Ahhh, right, communication is a two way street isn’t it, to R1 we go:
R1(config-router)#default-information originate always
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]
R2#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 172.12.12.1 to network 0.0.0.0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback2
100.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 100.4.0.0/16 is directly connected, Loopback104
C 100.5.0.0/16 is directly connected, Loopback105
C 100.6.0.0/16 is directly connected, Loopback106
C 100.7.0.0/16 is directly connected, Loopback107
O 100.0.0.0/13 is a summary, 00:46:55, Null0
C 100.1.0.0/16 is directly connected, Loopback101
C 100.2.0.0/16 is directly connected, Loopback102
C 100.3.0.0/16 is directly connected, Loopback103
172.12.0.0/24 is subnetted, 1 subnets
C 172.12.12.0 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.12.1, 00:00:14, Serial0/0
R2#
This is a perfect scenario for “default-information originate [always]”, which tells every other router in it’s area that I am the dumping ground for any traffic you do not have a specific route to. I found it interesting that it advertises itself as OSPF External / Redistributed default route, and set the Gateway of last resort.
The ULTIMATE Cisco Exam Gotcha Takewaway moment from this: IF YOU SEE AN EXTERNAL OSPF ROUTE IN YOUR OSPF NETWORK, IT IS BECAUSE DEFAULT-INFORMATION ORIGINATE WAS ISSUED ON THE ROUTER AT THE IP IN THE ROUTE!
So I would bet R3 will have no problem getting a reply back now, but lets give it a try:
Sending 5, 100-byte ICMP Echos to 100.0.0.5, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R3#ping 172.12.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
R3#
Uhhh, ok time to check some things on R2, basic configs first this time before I find it in them hours later:
R2#
R2#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
Serial0/0 172.12.12.2 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/1 unassigned YES NVRAM administratively down down
Loopback2 2.2.2.2 YES NVRAM up up
Loopback101 100.1.0.1 YES manual up up
Loopback102 100.2.0.1 YES manual up up
Loopback103 100.3.0.1 YES manual up up
Loopback104 100.4.0.1 YES manual up up
Loopback105 100.5.0.1 YES manual up up
Loopback106 100.6.0.1 YES manual up up
Loopback107 100.7.0.1 YES manual up up
R2#
ASR#3
[Resuming connection 3 to r3 … ]
R3#ping 100.5.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.5.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/61 ms
R3#
User error, I think my mind is starting to melt out of my ears from battling not just to make it work, now that it’s 2am I think it’s time to turn the lab off – Nothing like a Friday night to shut all the windows and sit in front of a command line!
So this is how Distribute-List’s actually work properly, how ACL’s are written properly, and how IP’s to ping are typed properly 🙂
I will use this same topology, only EIGRP Redistributing into OSPF with the long list of loopbacks, and if that goes well I might put this back into my full-fledge Branch Office topology and try integrating Distribute-Lists once more into that.
Onward and upward!
The DEVNET GRIND! 